CVE-2024-45112

EUVD-2024-41315

13.09.2024, 09:15

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Type Confusion

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Affected Products (NVD)

Vendor	Product	Version
adobe	acrobat	𝑥 < 20.005.30680
adobe	acrobat	24.001.0 ≤ 𝑥 < 24.001.30187
adobe	acrobat_dc	24.003.0 ≤ 𝑥 < 24.003.20112
adobe	acrobat_reader	𝑥 < 20.005.30680
adobe	acrobat_reader_dc	24.003.0 ≤ 𝑥 < 24.003.20112

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
adobe	acrobat_dc	𝑥 ≤ 24.003.20054	ADP
adobe	acrobat_dc	𝑥 ≤ 24.002.21005	ADP
adobe	acrobat	24.0 ≤ 𝑥 ≤ 24.001.30159	ADP
adobe	acrobat	24.0 ≤ 𝑥 ≤ 24.001.30159	ADP
adobe	acrobat	20.0 ≤ 𝑥 ≤ 20.005.30655	ADP
adobe	acrobat_reader	𝑥 ≤ 20.005.30636	ADP
adobe	acrobat_reader	20.0 ≤ 𝑥 ≤ 20.005.30635	ADP
adobe	acrobat_reader_dc	𝑥 ≤ 24.002.20991	ADP
adobe	acrobat_reader	20.0 ≤ 𝑥 ≤ 20.005.30635	ADP
adobe	acrobat_reader_dc	20.0 ≤ 𝑥 ≤ 24.002.21005	ADP
adobe	acrobat_reader_dc	20.0 ≤ 𝑥 ≤ 24.003.20054	ADP

Common Weakness Enumeration

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References

https://helpx.adobe.com/security/products/acrobat/apsb24-70.html